In re Application of: Fox et al.          Group Art Unit: 2132

Application Serial No. 09/448,854         Examiner: Zand, Kambiz

Attorney Docket No.: 1850                 Filing Date: 11/23/99

For: Certificate Reissuance For Checking The Status Of A Certificate In Financial
Transactions

February 27, 2004 

Via fax to Examiner Kambiz Zand 
Tel. #703-306^169

Commissioner for Patents 
PO Box 1450 

Alexandria, VA 22313-1450 



APPLICANT INITIATED INTERVIEW

Applicant's representative, Kenneth Paley, of the Law Offices of Albert S. Michalik,
wishes an interview with the Examiner, currently scheduled for March 2, 2004 at 5:30 PM
EST, to discuss the Perlman reference (US Patent No. 6,230,266) as it relates to Applicants'
Application, particularly the §102 rejection of Applicants' independent claims, in particular

Claim 1 which may be amended to read:

1. (currently amended): A computer-readable medium having computer-
executable instructions, comprising:

receiving a first transaction request in association with a first certificate
issued by a certificate authority, the first certificate having a representation of an
issuer name and a subject name;

communicating with a status authority to query for current status
information on the first certificate; and

receiving a second certificate from the status authority indicating the
current status of the first certificate, the second certificate having a
representation of the issuer name and the subject name.

Claim 14 which may be amended to read: 

14. (currently amended): A computer-readable medium having computer-
executable instructions, comprising:

receiving a query from a relying party for current status information on a
first certificate, the first certificate having a representation of an issuer name and
a subject name; and

issuing a data structure including a second certificate indicating the
current status of the first certificate, the second certificate having a
representation of the issuer name and the subject name.

Claim 23 which may be amended to read:

23. (currently amended): A method for performing electronic
commerce, comprising,

receiving, at a certificate authority, a first request for a certificate; 

verifying whether the certificate should be issued, and if so, issuing the 
certificate; 

receiving a second request at a status authority for status information 
about the certificate; and 

issuing a reissue certificate including the status information in response
to the receiving a second request at a status authority for status information
about the certificate.

Claim 29 which may be amended to read: 

29. (currently amended): A method for performing electronic 

commerce, comprising: 

receiving a certificate at an end entity; 

providing the certificate to a relying party; and 

receiving a receipt at the end entity from the relying party, the receipt
including a reissue status information about the certificate.

And Claim 35: 

35. (original): A method for performing electronic commerce, 
comprising, 

receiving a certificate with a request to perform a transaction; 

communicating with a status authority to request status information 
about the certificate; 

receiving a reissue certificate including the status information in 
response to the request; and 

deciding whether to perform the transaction based on the status 
information. 
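
The relying-party flow recited in Claim 35, together with the issuer/subject name match recited in Claim 1, sketched as an added example that is not part of the original filing. HMAC with a constructed key stands in for the status authority's signature, and the field names and sample certificates are assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC stands in for the status authority's signature
# (an assumption; a real deployment would use public-key signatures).
SA_KEY = b"constructed-status-authority-key"

def _mac(body):
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SA_KEY, data, hashlib.sha256).hexdigest()

def reissue_certificate(first_cert, revoked_serials):
    """Status authority side: answer a status query with a second certificate
    that repeats the first certificate's issuer and subject names."""
    body = {
        "issuer": first_cert["issuer"],
        "subject": first_cert["subject"],
        "serial": first_cert["serial"],
        "status": "revoked" if first_cert["serial"] in revoked_serials else "good",
    }
    return {"body": body, "sig": _mac(body)}

def decide_transaction(first_cert, reissue):
    """Relying party side: perform the transaction only if the reissue
    certificate is authentic, names the same issuer and subject, and is good."""
    body = reissue["body"]
    if not hmac.compare_digest(reissue["sig"], _mac(body)):
        return "reject: bad signature"
    if (body["issuer"], body["subject"]) != (first_cert["issuer"], first_cert["subject"]):
        return "reject: name mismatch"
    if body["status"] != "good":
        return "reject: " + body["status"]
    return "perform"

# Constructed sample certificates (not from the application).
ALICE = {"issuer": "CN=Example CA", "subject": "CN=Alice", "serial": 1001}
BOB = {"issuer": "CN=Example CA", "subject": "CN=Bob", "serial": 1002}
REVOKED = {1002}

if __name__ == "__main__":
    print(decide_transaction(ALICE, reissue_certificate(ALICE, REVOKED)))
    print(decide_transaction(BOB, reissue_certificate(BOB, REVOKED)))
    # A genuine reissue certificate for Bob presented against Alice's certificate.
    print(decide_transaction(ALICE, reissue_certificate(BOB, REVOKED)))
```
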

In general terms, Applicants understand that Perlman describes a scheme for delegation
and revocation (renunciation) of a certificate authority's authority to revoke a certificate that it
has issued to a network of online revocation servers. Perlman describes two types of
certificates for this purpose, a delegation certificate and renunciation certificate.

In the described Perlman embodiment (FIG. 2), a system includes a plural quantity of
certificate authority (CA) and associated on-line revocation server (OLRS) pairs. Principals
(nodes) request a CA to issue certificates to authenticate their public keys, and the CA issues
such certificates (Col. 5, lines 43-45). The CA is informed which unexpired certificates should
no longer be honored (Col. 5, line 47). The CA stores revoked certificates in a master
Certificate Revocation List (CRL) (Col. 5, lines 48-49). The OLRS obtains via unspecified
means the information contained in the CA's master CRL, and may augment the master CRL
via unspecified means with real-time additional CA issued unexpired revoked certificates (Col.
5, lines 59^8). The OLRS's master CRL and the real-time information together form
certificate revocation status information available to inquiring principals (Col. 5, lines 65-67).
The OLRS provides to a verifying principal this certificate revocation information (Col. 5, lines
56-57). A verifying principal may query the OLRS for the stored certificate revocation status
information, to determine whether a particular query specified certificate has been revoked
(Col. 6, lines 1-4). The OLRS authenticates the result of a particular query by signing the result
using its private key (or by a secret negotiated session key) (Col. 6, lines 4-8). The OLRS may
also provide to inquiring principals certificates indicating whether the particular certificates
specified in the query have been revoked, and/or the delegation certificate provided to it by the
CA authorizing the OLRS to provide certificate revocation status information (Col. 6, lines 8-
13).

If the CA determines that the OLRS has been compromised, a second (i.e.,
uncompromised) OLRS 206 having substantially the same configuration and operation as the
first OLRS, is made part of the system along with its paired CA. (Col. 6, lines 23-29)

Assuming that the CA has not been compromised, the second CA generates, after
compromise of the OLRS is detected, a special delegation certificate for the second OLRS, that
authorizes the second OLRS to provide certificate revocation status information on behalf of
the second CA, signs the special delegation certificate using the private key belonging to the
second CA, and supplies the signed delegation certificate to the second OLRS and/or network
directory service (Col. 6, lines 30-42). After verifying that the special delegation certificate is
properly signed by the second CA, the second OLRS begins to supply certificate revocation
status information and copies of the special delegation certificate to verifying principals (Col.
6, lines 42-46). Alternatively, if the second OLRS is unable to verify that the special delegation
certificate is properly signed by the second CA, the delegation certificate is ignored (Col. 6,
lines 46-49).

The special information contained in the special delegation certificate notifies verifying
principals furnished with the delegation certificate that certificates issued by the first CA,
except the delegation certificate authorizing compromised first OLRS to provide certificate
revocation status information on behalf of the first CA, should continue to be honored as valid,
but that all inquiries regarding revocation of certificates issued by the second CA should be
directed to the uncompromised second OLRS, as the first OLRS has been compromised (Col.
6, lines 50-59).

The remainder of Perlman generally describes schema for determining whether an
OLRS has been compromised, and if so having another OLRS paired with a different CA
provide revocation status to inquiring principals. Perlman's certificates are issued to the public
key of the OLRS (as illustrated in the figures). There is no description of a mechanism for an
OLRS being sent such a certificate. When an OLRS gives status, it presumably signs the status
and includes its own delegation certificate. There is nothing in Perlman that indicates that the
OLRS always issues a new certificate. If all an OLRS obtains in a query is a serial number, it
is only an assumption that an OLRS pulls a public key from a certificate and signs it as a
response.

Respectfully submitted,



Kenneth Paley, Registration No. 38,989

Attorney for Applicant

Law Offices of Albert S. Michalik, PLLC

704 228th Avenue NE

Sammamish, WA 98074

206-527-6637